Fletcher, Stephen P
2004-Mar-31 17:43 UTC
[Samba] winbindd logon still requires Unix user id
I'm running Samba 3.0.2a (UCLA binaries) on AIX 5.2. The net command
worked fine and joined a win 2k domain.
The wbinfo -u and wbinfo -g work great. However, all connections fail
unless the user id exists on the AIX machine.
I can bypass the problem by using username map and a dummy account
"bozo". Here's a section of the Configuration
# Samba config file created using SWAT
# from 10.23.20.63 (10.23.20.63)
# Date: 2004/03/30 14:05:38
# Global parameters
[global]
workgroup = UPITS
security = DOMAIN
auth methods = winbind
allow trusted domains = No
password server = chaadsits01
username map = /usr/local/private/usermap.txt
log level = 2
preferred master = No
local master = No
domain master = No
ldap ssl = no
idmap uid = 80000-90000
idmap gid = 90001-99000
template homedir = /samba/home
template shell = /bin/ksh
winbind separator = +
Here are the entries from the usermap.txt file:
# all windows user names translate to a Unix ID.
bozo = Richard Brent
steve = Mike Shawn
I can't figure out what I'm doing wrong. Please help!
S.
If you are trying to authenticate against Active Directory, try the following:
Change security to ADS
Remove auth methods
Add a realm = that equals your ad domain name such as
this.domain.com.whatever
Check your /etc/krb5.conf
It should have at a minimum
[libdefaults]
default_realm = THIS.DOMAIN.COM.WHATEVER
[realms]
THIS.DOMAIN.COM.WHATEVER = {
kdc = ip.of.your.ad
# admin_server = ip.of.your.ad
# passwd_server = ip.of.your.ad
}
[domain_realm]
.this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER
this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
retain_after_close = false
debug = true
}
Also check your /etc/nsswitch
it should have the passwd and the group with
Files winbind
Good luck
Brett Stevens
> From: "Fletcher, Stephen P" <SFletcher@unumprovident.com>
> Date: Wed, 31 Mar 2004 12:42:49 -0500
> To: <samba@lists.samba.org>
> Subject: [Samba] winbindd logon still requires Unix user id
>
> I'm running Samba 3.0.2a (UCLA binaries) on AIX 5.2. The net command
> worked fine and joined a win 2k domain.
>
> The wbinfo -u and wbinfo -g work great. However, all connections fail
> unless the user id exists on the AIX machine.
>
> I can bypass the problem by using username map and a dummy account
> "bozo". Here's a section of the Configuration
>
> # Samba config file created using SWAT
> # from 10.23.20.63 (10.23.20.63)
> # Date: 2004/03/30 14:05:38
>
> # Global parameters
> [global]
> workgroup = UPITS
> security = DOMAIN
> auth methods = winbind
> allow trusted domains = No
> password server = chaadsits01
> username map = /usr/local/private/usermap.txt
> log level = 2
> preferred master = No
> local master = No
> domain master = No
> ldap ssl = no
> idmap uid = 80000-90000
> idmap gid = 90001-99000
> template homedir = /samba/home
> template shell = /bin/ksh
> winbind separator = +
>
> Here are the entries from the usermap.txt file:
>
> # all windows user names translate to a Unix ID.
> bozo = Richard Brent
> steve = Mike Shawn
>
> I can't figure out what I'm doing wrong. Please help!
>
> S.
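The checklist in the reply (security = ADS, no auth methods, a realm, winbind in the passwd and group lookups) can be checked mechanically. The script below is an added example, not part of the thread and not Samba's own tooling. The function names, the "db: sources" layout assumed for the name-service file, the sample name-service lines, and the case-insensitive comparison of realm against default_realm are assumptions.

```python
import re

def parse_ini(text):
    """Parse smb.conf/krb5.conf-style text into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and extra whitespace in parameter names.
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(smb_text, krb5_text, nsswitch_text):
    """Return findings for each item of the reply's checklist that is not met."""
    g = parse_ini(smb_text).get("global", {})
    krb = parse_ini(krb5_text).get("libdefaults", {})
    findings = []
    if g.get("security", "").upper() != "ADS":
        findings.append("security is not ADS")
    if "auth methods" in g:
        findings.append("auth methods is still set")
    if not g.get("realm"):
        findings.append("realm is missing")
    elif g["realm"].upper() != krb.get("default_realm", "").upper():
        findings.append("realm does not match krb5 default_realm")
    for db in ("passwd", "group"):
        entry = re.search(rf"^{db}:(.*)$", nsswitch_text, re.M)
        if not entry or "winbind" not in entry.group(1).lower().split():
            findings.append(f"nsswitch {db} lacks winbind")
    return findings

# Constructed sample inputs: the poster's relevant [global] lines, then a
# version changed as the reply suggests (realm is the reply's placeholder).
POSTED = "[global]\nworkgroup = UPITS\nsecurity = DOMAIN\nauth methods = winbind\n"
CHANGED = "[global]\nworkgroup = UPITS\nsecurity = ADS\nrealm = this.domain.com.whatever\n"
KRB5 = ("[libdefaults]\ndefault_realm = THIS.DOMAIN.COM.WHATEVER\n"
        "[realms]\nTHIS.DOMAIN.COM.WHATEVER = {\nkdc = ip.of.your.ad\n}\n")
NSS_OLD = "passwd: files\ngroup: files\n"           # assumed starting state
NSS_NEW = "passwd: files winbind\ngroup: files winbind\n"

if __name__ == "__main__":
    for name, smb, nss in (("posted", POSTED, NSS_OLD), ("changed", CHANGED, NSS_NEW)):
        print(name, audit(smb, KRB5, nss) or "no findings")
```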